#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Insider Risk Management

Cybercrime | Breaking Cybersecurity News | The Hacker News

Hackers Exploit Job Boards, Stealing Millions of Resumes and Personal Data

Hackers Exploit Job Boards, Stealing Millions of Resumes and Personal Data

Feb 06, 2024 Dark Web / Cybercrime
Employment agencies and retail companies chiefly located in the Asia-Pacific (APAC) region have been targeted by a previously undocumented threat actor known as  ResumeLooters  since early 2023 with the goal of stealing sensitive data. Singapore-headquartered Group-IB said the hacking crew's activities are geared towards job search platforms and the theft of resumes, with as many as 65 websites compromised between November 2023 and December 2023. The stolen files are estimated to contain 2,188,444 user data records, of which 510,259 have been taken from job search websites. Over two million unique email addresses are present within the dataset. "By using SQL injection attacks against websites, the threat actor attempts to steal user databases that may include names, phone numbers, emails, and DoBs, as well as information about job seekers' experience, employment history, and other sensitive personal data," security researcher Nikita Rostovcev  said  in a report sh
Belarusian National Linked to BTC-e Faces 25 Years for $4 Billion Crypto Money Laundering

Belarusian National Linked to BTC-e Faces 25 Years for $4 Billion Crypto Money Laundering

Feb 05, 2024 Cryptocurrency / Financial Fraud
A 42-year-old Belarusian and Cypriot national with alleged connections to the now-defunct cryptocurrency exchange BTC-e is facing charges related to money laundering and operating an unlicensed money services business. Aliaksandr Klimenka , who was arrested in Latvia on December 21, 2023, was extradited to the U.S. and is currently being held in custody. If convicted, he faces a maximum penalty of 25 years in prison. BTC-e, which had been operating since 2011, was seized by law enforcement authorities in late July 2017 following the arrest of another key member  Alexander Vinnik , in Greece. The exchange is alleged to have received deposits valued at over $4 billion, with Vinnik laundering funds received from the hack of another digital exchange, Mt. Gox, through various online exchanges, including BTC-e. Court documents  allege  that the exchange was a "significant cybercrime and online money laundering entity," allowing its users to trade in bitcoin with high levels of
AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks

AllaKore RAT Malware Targeting Mexican Firms with Financial Fraud Tricks

Jan 27, 2024 Malware / Software Update
Mexican financial institutions are under the radar of a new spear-phishing campaign that delivers a modified version of an open-source remote access trojan called  AllaKore RAT . The BlackBerry Research and Intelligence Team attributed the activity to an unknown Latin America-based financially motivated threat actor. The campaign has been active since at least 2021. "Lures use Mexican Social Security Institute (IMSS) naming schemas and links to legitimate, benign documents during the installation process," the Canadian company  said  in an analysis published earlier this week. "The AllaKore RAT payload is heavily modified to allow the threat actors to send stolen banking credentials and unique authentication information back to a command-and-control (C2) server for the purposes of financial fraud." The attacks appear to be designed to particularly single out large companies with gross revenues over $100 million. Targeted entities span retail, agriculture, publ
cyber security

Protecting Your Organization From Insider Threats - All You Need to Know

websiteWing SecuritySaaS Security
Get practical insights and strategies to manage inadequate offboarding and insider risks effectively.
SHQ Response Platform and Risk Centre to Enable Management and Analysts Alike

SHQ Response Platform and Risk Centre to Enable Management and Analysts Alike

May 13, 2024Threat Detection / SoC / SIEM
In the last decade, there has been a growing disconnect between front-line analysts and senior management in IT and Cybersecurity. Well-documented challenges facing modern analysts revolve around a high volume of alerts, false positives, poor visibility of technical environments, and analysts spending too much time on manual tasks. The Impact of Alert Fatigue and False Positives  Analysts are overwhelmed with alerts. The knock-on effect of this is that fatigued analysts are at risk of missing key details in incidents, and often conduct time-consuming triaging tasks manually only to end up copying and pasting a generic closing comment into a false positive alert.  It is likely that there will always be false positives. And many would argue that a false positive is better than a false negative. But for proactive actions to be made, we must move closer to the heart of an incident. That requires diving into how analysts conduct the triage and investigation process. SHQ Response Platfo
Russian TrickBot Mastermind Gets 5-Year Prison Sentence for Cybercrime Spree

Russian TrickBot Mastermind Gets 5-Year Prison Sentence for Cybercrime Spree

Jan 26, 2024 Cyber Crime / Malware
40-year-old Russian national Vladimir Dunaev has been sentenced to five years and four months in prison for his role in creating and distributing the TrickBot malware, the U.S. Department of Justice (DoJ) said. The development comes nearly two months after  Dunaev pleaded guilty  to committing computer fraud and identity theft and conspiracy to commit wire fraud and bank fraud. "Hospitals, schools, and businesses were among the millions of TrickBot victims who suffered tens of millions of dollars in losses," DoJ  said . "While active, TrickBot malware, which acted as an initial intrusion vector into victim computer systems, was used to support various ransomware variants." Originating as a banking trojan in 2016, TrickBot evolved into a Swiss Army knife capable of delivering additional payloads, including ransomware. Following efforts to take down the botnet, it was absorbed into the Conti ransomware operation in 2022. The cybercrime crew's allegiance to
Cyber Threat Landscape: 7 Key Findings and Upcoming Trends for 2024

Cyber Threat Landscape: 7 Key Findings and Upcoming Trends for 2024

Jan 25, 2024 Threat Intelligence / Cybercrime
The 2023/2024 Axur Threat Landscape Report provides a comprehensive analysis of the latest cyber threats. The information combines data from the platform's surveillance of the Surface, Deep, and Dark Web with insights derived from the in-depth research and investigations conducted by the Threat Intelligence team. Discover the full scope of digital threats in the Axur Report 2023/2024. Overview In 2023, the cybersecurity landscape witnessed a remarkable rise in cyberattacks.  One notable shift was the cyber risk integration with business risk, a concept gaining traction in boardrooms worldwide. As the magnitude of losses due to cyberattacks became evident, organizations started reevaluating their strategies.  Geopolitical factors played a significant role in shaping information security. The conflicts between nations like Russia and Ukraine had ripple effects, influencing the tactics of cybercriminals. It was a year where external factors intertwined with digital threats. Ran
U.S., U.K., Australia Sanction Russian REvil Hacker Behind Medibank Breach

U.S., U.K., Australia Sanction Russian REvil Hacker Behind Medibank Breach

Jan 24, 2024 Cryptocurrency / Cybercrime
Governments from Australia, the U.K., and the U.S. have imposed financial sanctions on a Russian national for his alleged role in the 2022 ransomware attack against health insurance provider Medibank. Alexander Ermakov (aka blade_runner, GistaveDore, GustaveDore, or JimJones), 33, has been tied to the breach of the Medibank network as well as the theft and release of Personally Identifiable Information (PII) belonging to the Australian company. The ransomware attack, which  took place in late October 2022  and attributed to the  now-defunct REvil ransomware crew , led to the unauthorized access of approximately 9.7 million of its current and former customers. The stolen information included names, dates of birth, Medicare numbers, and sensitive medical information, including records on mental health, sexual health and drug use. Some of these records were leaked on the dark web. As part of the trilateral action, the sanctions  make  it a criminal offense to provide assets to Erma
VexTrio: The Uber of Cybercrime - Brokering Malware for 60+ Affiliates

VexTrio: The Uber of Cybercrime - Brokering Malware for 60+ Affiliates

Jan 23, 2024 Malware / Cyber Threat
The threat actors behind ClearFake, SocGholish, and dozens of other e-crime outfits have established partnerships with another entity known as  VexTrio  as part of a massive "criminal affiliate program," new findings from Infoblox reveal. The latest development demonstrates the "breadth of their activities and depth of their connections within the cybercrime industry," the company said , describing VexTrio as the "single largest malicious traffic broker described in security literature." VexTrio, which is believed to be have been active since at least 2017, has been attributed to  malicious campaigns  that use domains generated by a dictionary domain generation algorithm ( DDGA ) to propagate scams, riskware, spyware, adware, potentially unwanted programs (PUPs), and pornographic content. This includes a 2022 activity cluster that  distributed the Glupteba malware  following an earlier attempt by Google to take down a significant chunk of its infrastru
Experts Warn of macOS Backdoor Hidden in Pirated Versions of Popular Software

Experts Warn of macOS Backdoor Hidden in Pirated Versions of Popular Software

Jan 19, 2024 Malware / Endpoint Security
Pirated applications targeting Apple macOS users have been observed containing a backdoor capable of granting attackers remote control to infected machines. "These applications are being hosted on Chinese pirating websites in order to gain victims," Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley  said . "Once detonated, the malware will download and execute multiple payloads in the background in order to secretly compromise the victim's machine." The backdoored disk image (DMG) files, which have been modified to establish communications with actor-controlled infrastructure, include legitimate software like Navicat Premium, UltraEdit, FinalShell, SecureCRT, and Microsoft Remote Desktop. The unsigned applications, besides being hosted on a Chinese website named macyy[.]cn, incorporate a dropper component called "dylib" that's executed every time the application is opened. The dropper then acts as a conduit to fetch a backdoor
3 Ransomware Group Newcomers to Watch in 2024

3 Ransomware Group Newcomers to Watch in 2024

Jan 15, 2024 Ransomware / Cybercrime
The ransomware industry surged in 2023 as it saw an alarming 55.5% increase in victims worldwide, reaching a staggering 4,368 cases.  Figure 1: Year over year victims per quarter The rollercoaster ride from explosive growth in 2021 to a momentary dip in 2022 was just a teaser—2023 roared back with the same fervor as 2021, propelling existing groups and ushering in a wave of formidable newcomers. Figure 2: 2020-2023 ransomware victim count LockBit 3.0 maintained its number one spot with 1047 victims achieved through the  Boeing  attack, the Royal Mail Attack, and more.  Alphv  and  Cl0p  achieved far less success, with 445 and 384 victims attributed to them, respectively, in 2023.  Figure 3: Top 3 active ransomware groups in 2023 These 3 groups were heavy contributors to the boom in ransomware attacks in 2023, but they were not the sole groups responsible. Many attacks came from emerging ransomware gangs such as  8Base , Rhysida, 3AM, Malaslocker,  BianLian , Play,  Akira , and o
29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services

29-Year-Old Ukrainian Cryptojacking Kingpin Arrested for Exploiting Cloud Services

Jan 13, 2024 Cryptojacking / Cloud Security
A 29-year-old Ukrainian national has been arrested in connection with running a "sophisticated cryptojacking scheme," netting them over $2 million (€1.8 million) in illicit profits. The person, described as the "mastermind" behind the operation, was apprehended in Mykolaiv, Ukraine, on January 9 by the National Police of Ukraine with support from Europol and an unnamed cloud service provider following "months of intensive collaboration." "A cloud provider approached Europol back in January 2023 with information regarding compromised cloud user accounts of theirs," Europol  said , adding it shared the intelligence with the Ukrainian authorities. The Cyber Police of Ukraine, in a separate announcement, said the suspect "infected the servers of a well-known American company with a miner virus" at least since 2021, using custom brute-force tools to infiltrate 1,500 accounts of the firm. "Using the compromised accounts, the hacker gained access to the management of the service," the a
Syrian Hackers Distributing Stealthy C#-Based Silver RAT to Cybercriminals

Syrian Hackers Distributing Stealthy C#-Based Silver RAT to Cybercriminals

Jan 08, 2024 Malware / Cybercrime
Threat actors operating under the name Anonymous Arabic have released a remote access trojan (RAT) called  Silver RAT  that's equipped to bypass security software and stealthily launch hidden applications. "The developers operate on multiple hacker forums and social media platforms, showcasing an active and sophisticated presence," cybersecurity firm Cyfirma  said  in a report published last week. The actors, assessed to be of Syrian origin and linked to the development of another RAT known as S500 RAT, also run a Telegram channel offering various services such as the distribution of cracked RATs, leaked databases, carding activities, and the sale of Facebook and X (formerly Twitter) bots. The social media bots are then utilized by other cyber criminals to promote various illicit services by automatically engaging with and commenting on user content. In-the-wild detections of Silver RAT v1.0 were first observed in November 2023, although the threat actor's plans to release the tr
DoJ Charges 19 Worldwide in $68 Million xDedic Dark Web Marketplace Fraud

DoJ Charges 19 Worldwide in $68 Million xDedic Dark Web Marketplace Fraud

Jan 08, 2024 Financial Fraud / Cybercrime
The U.S. Department of Justice (DoJ) said it charged 19 individuals worldwide in connection with the now-defunct xDedic Marketplace , which is estimated to have facilitated more than $68 million in fraud. In  wrapping up its investigation  into the dark web portal, the agency said the transnational operation was the result of close cooperation with law enforcement authorities from Belgium, Germany, the Netherlands, Ukraine, and Europol. Of the 19 defendants, three have been sentenced to 6.5 years in prison, eight have been awarded jail terms ranging from one year to five years, and one individual has been ordered to serve five years' probation. One among them includes Glib Oleksandr Ivanov-Tolpintsev, a Ukrainian national who was  sentenced to four years in prison  in May 2022 for selling compromised credentials on xDedic and making $82,648 in illegal profits. Dariy Pankov, described by the DoJ as one of the highest sellers by volume, offered credentials of no less than 35,000 ha
Carbanak Banking Malware Resurfaces with New Ransomware Tactics

Carbanak Banking Malware Resurfaces with New Ransomware Tactics

Dec 26, 2023 Malware / Cybercrime
The banking malware known as  Carbanak  has been observed being used in  ransomware attacks  with updated tactics. "The malware has adapted to incorporate attack vendors and techniques to diversify its effectiveness," cybersecurity firm NCC Group  said  in an analysis of ransomware attacks that took place in November 2023. "Carbanak returned last month through new distribution chains and has been distributed through compromised websites to impersonate various business-related software." Some of the impersonated tools include popular business-related software such as HubSpot, Veeam, and Xero. Carbanak , detected in the wild since at least 2014, is known for its data exfiltration and remote control features. Starting off as a banking malware, it has been put to use by the  FIN7 cybercrime syndicate . In the latest attack chain documented by NCC Group, the compromised websites are designed to host malicious installer files masquerading as legitimate utilities to
British LAPSUS$ Teen Members Sentenced for High-Profile Attacks

British LAPSUS$ Teen Members Sentenced for High-Profile Attacks

Dec 24, 2023 Cyber Crime / Data Breach
Two British teens part of the LAPSUS$ cyber crime and extortion gang have been sentenced for their roles in orchestrating a string of high-profile attacks against a number of companies. Arion Kurtaj, an 18-year-old from Oxford, has been sentenced to an indefinite hospital order due to his intent to get back to cybercrime "as soon as possible," BBC  reported . Kurtaj, who is autistic, was deemed unfit to stand trial. Another LAPSUS$ member, a 17-year-old unnamed minor, was sentenced to an 18-month-long Youth Rehabilitation Order, including a three-month intensive supervision and surveillance requirement. He was found guilty of two counts of fraud, two Computer Misuse Act offenses, and one count of blackmail. Both defendants  were initially arrested in January 2022, and then released under investigation. They were re-arrested in March 2022. While Kurtaj was later granted bail, he continued to attack various companies until he was arrested again in September. The attack sp
Cybersecurity
Expert Insights
Cybersecurity Resources